Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-39325 (GCVE-0-2023-39325)
Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.20.10
(semver)
Affected: 1.21.0-0 , < 1.21.3 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534215"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.serve"
},
{
"name": "http2serverConn.processHeaders"
},
{
"name": "http2serverConn.upgradeRequest"
},
{
"name": "http2serverConn.runHandler"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.21.3",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.serve"
},
{
"name": "serverConn.processHeaders"
},
{
"name": "serverConn.upgradeRequest"
},
{
"name": "serverConn.runHandler"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:05:57.980Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/63417"
},
{
"url": "https://go.dev/cl/534215"
},
{
"url": "https://go.dev/cl/534235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "HTTP/2 rapid reset can cause excessive work in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39325",
"datePublished": "2023-10-11T21:15:02.727Z",
"dateReserved": "2023-07-27T17:05:55.188Z",
"dateUpdated": "2025-02-13T17:02:50.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39325",
"date": "2026-07-01",
"epss": "0.03796",
"percentile": "0.88676"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.20.0\", \"versionEndExcluding\": \"1.20.10\", \"matchCriteriaId\": \"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.3\", \"matchCriteriaId\": \"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"}, {\"lang\": \"es\", \"value\": \"Un cliente HTTP/2 malicioso que crea solicitudes r\\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\\u00famero total de solicitudes est\\u00e1 limitado por la configuraci\\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\\u00fan se est\\u00e1 ejecutando. Con la soluci\\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\\u00famero de rutinas de controlador que se ejecutan simult\\u00e1neamente al l\\u00edmite de concurrencia de transmisi\\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\\u00edmite (lo que solo puede ocurrir despu\\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\\u00e1 la conexi\\u00f3n. Este problema tambi\\u00e9n se solucion\\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\\u00f3n Server.MaxConcurrentStreams y la funci\\u00f3n ConfigureServer.\"}]",
"id": "CVE-2023-39325",
"lastModified": "2024-11-21T08:15:09.627",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-11T22:15:09.880",
"references": "[{\"url\": \"https://go.dev/cl/534215\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/cl/534235\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/issue/63417\", \"source\": \"security@golang.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\", \"source\": \"security@golang.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2102\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231110-0008/\", \"source\": \"security@golang.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://go.dev/cl/534215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/cl/534235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://go.dev/issue/63417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231110-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39325\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-11T22:15:09.880\",\"lastModified\":\"2026-06-17T06:12:02.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"},{\"lang\":\"es\",\"value\":\"Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net/http\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net/http\",\"programRoutines\":[{\"name\":\"http2serverConn.serve\"},{\"name\":\"http2serverConn.processHeaders\"},{\"name\":\"http2serverConn.upgradeRequest\"},{\"name\":\"http2serverConn.runHandler\"},{\"name\":\"ListenAndServe\"},{\"name\":\"ListenAndServeTLS\"},{\"name\":\"Serve\"},{\"name\":\"ServeTLS\"},{\"name\":\"Server.ListenAndServe\"},{\"name\":\"Server.ListenAndServeTLS\"},{\"name\":\"Server.Serve\"},{\"name\":\"Server.ServeTLS\"},{\"name\":\"http2Server.ServeConn\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.20.10\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.21.0-0\",\"lessThan\":\"1.21.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/http2\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/http2\",\"programRoutines\":[{\"name\":\"serverConn.serve\"},{\"name\":\"serverConn.processHeaders\"},{\"name\":\"serverConn.upgradeRequest\"},{\"name\":\"serverConn.runHandler\"},{\"name\":\"Server.ServeConn\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.17.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/534215\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/534215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:6031
Vulnerability from csaf_redhat - Published: 2023-10-23 14:24 - Updated: 2026-07-01 19:30A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6031",
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2023:5455",
"url": "https://access.redhat.com/errata/RHSA-2023:5455"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6031.json"
}
],
"title": "Red Hat Security Advisory: Cryostat security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:45+00:00",
"generator": {
"date": "2026-07-01T19:30:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6031",
"initial_release_date": "2023-10-23T14:24:36+00:00",
"revision_history": [
{
"date": "2023-10-23T14:24:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T14:24:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.3.1-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3978",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim\u0027s web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Cross site scripting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3978"
},
{
"category": "external",
"summary": "RHBZ#2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978"
},
{
"category": "external",
"summary": "https://go.dev/cl/514896",
"url": "https://go.dev/cl/514896"
},
{
"category": "external",
"summary": "https://go.dev/issue/61615",
"url": "https://go.dev/issue/61615"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1988",
"url": "https://pkg.go.dev/vuln/GO-2023-1988"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Cross site scripting"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6039
Vulnerability from csaf_redhat - Published: 2023-10-23 18:30 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, you can investigate problems with a machine, or perform operations on the underlying machine, that might result in a node failure.\n\nThis version contains fixes for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6039",
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6039.json"
}
],
"title": "Red Hat Security Advisory: Node Maintenance Operator 5.0.1 security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:45+00:00",
"generator": {
"date": "2026-07-01T19:30:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6039",
"initial_release_date": "2023-10-23T18:30:46+00:00",
"revision_history": [
{
"date": "2023-10-23T18:30:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:30:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Node Maintenance Operator 5.0 for RHEL 8",
"product": {
"name": "Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_nmo:5.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product": {
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product_id": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-must-gather-rhel8\u0026tag=v5.0.1-55"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product_id": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-operator-bundle\u0026tag=v5.0.1-55"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product_id": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-rhel8-operator\u0026tag=v5.0.1-55"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64"
},
"product_reference": "workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
},
"product_reference": "workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64 as a component of Node Maintenance Operator 5.0 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
},
"product_reference": "workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6039"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-must-gather-rhel8@sha256:21c3c638dc206d3f4a4b0295455e8f26e679a6c30a74746bc1be8d080dcf6883_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-operator-bundle@sha256:9fe87e1b0c49dd00a6ab0c35b68ebf641f347ac5b405d31f3c5ace02a7a30540_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.0:workload-availability/node-maintenance-rhel8-operator@sha256:6aa1ce70d3d9cc464ae84efce5d0c88a81cdda713a51611be873b550842bde82_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6040
Vulnerability from csaf_redhat - Published: 2023-10-23 18:30 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, you can investigate problems with a machine, or perform operations on the underlying machine, that might result in a node failure.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6040",
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6040.json"
}
],
"title": "Red Hat Security Advisory: Node Maintenance Operator 5.2.1 security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:45+00:00",
"generator": {
"date": "2026-07-01T19:30:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6040",
"initial_release_date": "2023-10-23T18:30:57+00:00",
"revision_history": [
{
"date": "2023-10-23T18:30:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:30:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Node Maintenance Operator 5.2 for RHEL 8",
"product": {
"name": "Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_nmo:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product_id": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-operator-bundle\u0026tag=v5.2.1-9"
}
}
},
{
"category": "product_version",
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product_id": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/node-maintenance-rhel8-operator\u0026tag=v5.2.1-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64 as a component of Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
},
"product_reference": "workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64 as a component of Node Maintenance Operator 5.2 for RHEL 8",
"product_id": "8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
},
"product_reference": "workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64",
"relates_to_product_reference": "8Base-NODE-MAINTENANCE-OPERATOR-5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"known_not_affected": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:30:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6040"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-operator-bundle@sha256:35d2c7c2849f89474fd5648a0d2781dde28131303cc8a597ce243a3e314fe0af_amd64",
"8Base-NODE-MAINTENANCE-OPERATOR-5.2:workload-availability/node-maintenance-rhel8-operator@sha256:5075d5702c0c8ffa792b40f09787ac3e6c3be9283c179c11cc40216a194b05a5_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6041
Vulnerability from csaf_redhat - Published: 2023-10-23 18:31 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6041",
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6041.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:46+00:00",
"generator": {
"date": "2026-07-01T19:30:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6041",
"initial_release_date": "2023-10-23T18:31:18+00:00",
"revision_history": [
{
"date": "2023-10-23T18:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.7 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_snr:0.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.7.1-6"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.7.1-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6042
Vulnerability from csaf_redhat - Published: 2023-10-23 18:39 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6042",
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6042.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:46+00:00",
"generator": {
"date": "2026-07-01T19:30:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6042",
"initial_release_date": "2023-10-23T18:39:36+00:00",
"revision_history": [
{
"date": "2023-10-23T18:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:39:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.5 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_snr:0.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_id": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-must-gather-rhel8\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.5.1-45"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64"
},
"product_reference": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6044
Vulnerability from csaf_redhat - Published: 2023-10-23 19:21 - Updated: 2026-02-03 02:59A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6044",
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6044.json"
}
],
"title": "Red Hat Security Advisory: Cost Management security update",
"tracking": {
"current_release_date": "2026-02-03T02:59:37+00:00",
"generator": {
"date": "2026-02-03T02:59:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2023:6044",
"initial_release_date": "2023-10-23T19:21:34+00:00",
"revision_history": [
{
"date": "2023-10-23T19:21:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T19:21:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-03T02:59:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cost Management for RHEL 8",
"product": {
"name": "Cost Management for RHEL 8",
"product_id": "8Base-costmanagement",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cost_management:1::el8"
}
}
}
],
"category": "product_family",
"name": "Cost Management"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_id": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle\u0026tag=3.0.1-1"
}
}
},
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.0.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"relates_to_product_reference": "8Base-costmanagement"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6048
Vulnerability from csaf_redhat - Published: 2023-10-23 20:24 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.2.2 includes fixes for the following security\nvulnerabilities:\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nIt contains the following bug fixes and changes:\n\n* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)\n\n* RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of\nService Vulnerability in HTTP/2 Protocol\". This policy alerts on\ndeployments with images containing components that are susceptible to a\nDenial of Service (DoS) vulnerability for HTTP/2 servers, based on\nCVE-2023-44487 and CVE-2023-39325. This policy applies to the build or\ndeploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6048",
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42",
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6048.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.2 enhancement and security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:46+00:00",
"generator": {
"date": "2026-07-01T19:30:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6048",
"initial_release_date": "2023-10-23T20:24:48+00:00",
"revision_history": [
{
"date": "2023-10-23T20:24:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T20:24:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.2 for RHEL 8",
"product": {
"name": "RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6057
Vulnerability from csaf_redhat - Published: 2023-10-23 21:13 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6057",
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6057.json"
}
],
"title": "Red Hat Security Advisory: toolbox security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:46+00:00",
"generator": {
"date": "2026-07-01T19:30:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6057",
"initial_release_date": "2023-10-23T21:13:36+00:00",
"revision_history": [
{
"date": "2023-10-23T21:13:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:13:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.src",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.src",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:13:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:13:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6059
Vulnerability from csaf_redhat - Published: 2023-10-23 21:20 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1\n\nThe tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6059",
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html",
"url": "https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "SRVKP-3551",
"url": "https://issues.redhat.com/browse/SRVKP-3551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6059.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:48+00:00",
"generator": {
"date": "2026-07-01T19:30:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6059",
"initial_release_date": "2023-10-23T21:20:26+00:00",
"revision_history": [
{
"date": "2023-10-23T21:20:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:20:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product": {
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:20:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:20:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6061
Vulnerability from csaf_redhat - Published: 2023-10-23 21:57 - Updated: 2026-07-01 19:30A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Pipelines 1.12.1 has been released.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat OpenShift Pipelines consists of:\n\n- Tekton Pipelines 0.50.x\n- Tekton Triggers 0.25.x\n- ClusterTasks based on Tekton Catalog\n- Tekton tkn CLI 0.32.x\n- Tekton Operator 0.68.x\n- Tekton Chains 0.17.x (GA)\n- Tekton Hub 1.14.x (TP)\n- Tekton Result 0.8.x (TP)\n- Pipelines-as-Code 0.21.x (GA)\n\nFor more information, see the Release Notes on any one of the following platforms:\n\n- Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-12_op-release-notes\n\n- OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-12_op-release-notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6061",
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html",
"url": "https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "SRVKP-3550",
"url": "https://issues.redhat.com/browse/SRVKP-3550"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6061.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update",
"tracking": {
"current_release_date": "2026-07-01T19:30:47+00:00",
"generator": {
"date": "2026-07-01T19:30:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:6061",
"initial_release_date": "2023-10-23T21:57:37+00:00",
"revision_history": [
{
"date": "2023-10-23T21:57:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:57:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:30:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product": {
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nIf you selected the Automatic update strategy when you installed the Red Hat OpenShift Pipelines operator, the operator applies this update automatically. If you selected the Manual update strategy, use the OpenShift Container Platform web console to approve the update. For instructions about approving\nthe update, see:\n\nhttps://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[\u2026]e_olm-upgrading-operators",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nIf you selected the Automatic update strategy when you installed the Red Hat OpenShift Pipelines operator, the operator applies this update automatically. If you selected the Manual update strategy, use the OpenShift Container Platform web console to approve the update. For instructions about approving\nthe update, see:\n\nhttps://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[\u2026]e_olm-upgrading-operators",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.